From 3ec6171e30751704bc7f00054869ca95bbd33756 Mon Sep 17 00:00:00 2001
From: Darren Shepherd <darren@rancher.com>
Date: Thu, 7 Feb 2019 20:52:26 -0700
Subject: [PATCH] Set all sources so node+agent in the same process doesn't get
 restricted

---
 cmd/kube-apiserver/app/server.go | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/cmd/kube-apiserver/app/server.go b/cmd/kube-apiserver/app/server.go
index 8b23c685fc89e..5c2f6b86b7819 100644
--- a/cmd/kube-apiserver/app/server.go
+++ b/cmd/kube-apiserver/app/server.go
@@ -29,6 +29,8 @@ import (
 	"strings"
 	"time"
 
+	"k8s.io/kubernetes/pkg/kubelet/types"
+
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
 
@@ -246,13 +248,15 @@ func CreateKubeAPIServerConfig(s completedServerRunOptions) (
 		return nil, nil, nil, err
 	}
 
+	all, _ := types.GetValidatedSources([]string{types.AllSource})
+
 	capabilities.Initialize(capabilities.Capabilities{
 		AllowPrivileged: s.AllowPrivileged,
 		// TODO(vmarmol): Implement support for HostNetworkSources.
 		PrivilegedSources: capabilities.PrivilegedSources{
-			HostNetworkSources: []string{},
-			HostPIDSources:     []string{},
-			HostIPCSources:     []string{},
+			HostNetworkSources: all,
+			HostPIDSources:     all,
+			HostIPCSources:     all,
 		},
 		PerConnectionBandwidthLimitBytesPerSec: s.MaxConnectionBytesPerSec,
 	})